
IPv6 intro creates spam-filtering nightmare

Blacklist extinction looms


The migration towards IPv6, which has been made necessary by the expansion of the internet, will make it harder to filter spam messages, service providers warn.

The current internet protocol, IPv4, has a limited address space which is reaching exhaustion* thanks to the fast uptake of internet technology in populous countries such as India and China and the more widespread use of smartphones. IPv6 promises 3.4 x 10^38 addresses compared to the paltry 4.3 billion (4.3 x 10^9) addresses offered by IPv4.

While this expansion allows far more devices to have a unique internet address, it creates a host of problems for security service providers, who have long used databases of known bad IP addresses to maintain blacklists of junk mail cesspools. Spam-filtering technology typically uses these blacklists as one (key) component in a multi-stage junk mail filtering process that also involves examining message contents.

"The primary method for stopping the majority of spam used by email providers is to track bad IP addresses sending email and block them – a process known as IP blacklisting," explained Stuart Paton, a senior solutions architect at spam-filtering outfit Cloudmark. "With IPv6 this technique will no longer be possible and could mean that email systems would quickly become overloaded if new approaches are not developed to address this."

Other security technologies also track IP addresses for various purposes, including filtering out sources of denial of service attacks, click fraud and search engine manipulation. Tracking a vastly expanded IP address space will make life much harder for network defenders, Paton warns.

"As an example, the address space is so large that it would be easy for spammers to use a single IP address just once to send a single email," he said.

The information security industry and ISPs need to collaborate on working out how to resolve the problem in order to make sure inboxes are not flooded with more junk mail thanks to the introduction of the new internet-address protocol. In the meantime, Cloudmark suggests interim restrictions might need to be applied to preserve existing systems.

"Cloudmark advocates that ISPs do not initially need to be able to receive mail from IPv6 addresses (on inbound) except from their own customers (known as outbound)," Paton explained. "This would ensure business continuity for ISPs and provisioning of ADSL/Cable modems to continue. This measure will also protect the IPv4 reputation system that is currently in use and working well."
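As an added illustration (not code from Cloudmark or from this article), the interim policy Paton describes could be expressed as a connection-time check like the one below. The customer prefix and blacklist entry are constructed values from documentation ranges, and the function and constant names are hypothetical.

```python
import ipaddress

# Constructed sample data (documentation ranges), standing in for the ISP's
# own customer IPv6 allocation and for an existing IPv4 blacklist.
CUSTOMER_V6_PREFIXES = [ipaddress.ip_network("2001:db8:1000::/36")]
IPV4_BLACKLIST = {ipaddress.ip_address("203.0.113.25")}


def normalise(peer: str):
    """Parse the SMTP peer address.

    IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) are unwrapped so that a
    dual-stack listener still applies the IPv4 reputation checks to them.
    """
    addr = ipaddress.ip_address(peer.split("%", 1)[0])  # drop any zone id
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def smtp_connect_policy(peer: str) -> str:
    """Return 'accept', 'reject-blacklisted' or 'reject-ipv6-external'.

    'accept' means the connection proceeds to the remaining filtering
    stages (content examination and so on), not that the mail is delivered.
    """
    addr = normalise(peer)
    if addr.version == 4:
        # IPv4 keeps using the existing per-address reputation data.
        return "reject-blacklisted" if addr in IPV4_BLACKLIST else "accept"
    # IPv6 is accepted only from the provider's own customers.
    if any(addr in net for net in CUSTOMER_V6_PREFIXES):
        return "accept"
    return "reject-ipv6-external"


if __name__ == "__main__":
    # Constructed peers: clean IPv4, listed IPv4, the same listed host seen
    # as IPv4-mapped IPv6, a customer IPv6 host, and an external IPv6 host.
    for peer in ("198.51.100.7", "203.0.113.25", "::ffff:203.0.113.25",
                 "2001:db8:1abc::25", "2001:db8:ffff::1"):
        print(f"{peer:24} {smtp_connect_policy(peer)}")
```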

Paul Wood, an anti-spam expert at Symantec.cloud (formerly MessageLabs), confirmed that other security firms are also considering whether to apply tougher controls on mail from IPv6 networks. "It [IPv6] is definitely a real area of concern in the anti-spam community, and opinion varies on whether businesses should accept mail on IPv6 or not for this reason," Wood told El Reg. "I'm of the opinion that at least for the moment they shouldn't, unless the connections are from a trusted source."

Email is a two-way communication protocol (unlike web browsing), so legitimate IPv6 mail servers, outside of academia and testing environments, will need to support IPv4 for some years. "Relatively speaking, there are very few real mail servers in the world, so the starvation of IPv4 will not affect them much because there will for a very long time be a resale market in the IPv4 address space," Wood added.

Wood told El Reg that although the move to IPv6 is a bit of a headache for spam-filtering, it might also make life harder for hackers hoping to take advantage of open relays to distribute spam or mount other types of security attacks.

"While the arrival of IPv6 is likely to eliminate the usefulness of traditional IP-based blacklists, it is also likely to reduce the issues that arise from port-scanning of open relays and other vulnerabilities," Wood explained. "The IPv6 address space is so large it wouldn't be scalable from the bad guys' perspective – the returns will diminish over time." ®

* Although the last big blocks of IPv4 address space were allocated last month, there is plenty of assigned but unused space, estimated to be as high as 50 per cent by some experts. That means the resale market for IPv4 addresses is likely to last several years, at minimum.
